GuardION: Practical mitigation of DMA-based rowhammer attacks on ARM

Victor van der Veen*, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Padmanabha Pillai, Giovanni Vigna, Christopher Kruegel, Herbert Bos, Kaveh Razavi

*Corresponding author for this work

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

294 Downloads (Pure)

Abstract

Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector. Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability. Since hardware-level mitigations cannot be backported, a search for software defenses is pressing. Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping all attacks: we present rampage, a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses. To mitigate Rowhammer exploitation on ARM, we propose guardion, a lightweight defense that prevents DMA-based attacks—the main attack vector on mobile devices—by isolating DMA buffers with guard rows. We evaluate guardion on 22 benchmark apps and show that it has a negligible memory overhead (2.2 MB on average). We further show that we can improve system performance by re-enabling higher order allocations after Google disabled these as a reaction to previous attacks.

Original languageEnglish
Title of host publicationDetection of Intrusions and Malware, and Vulnerability Assessment - 15th International Conference, DIMVA 2018, Proceedings
Subtitle of host publication15th International Conference, DIMVA 2018 Saclay, France, June 28–29, 2018 Proceedings
PublisherSpringer/Verlag
Pages92-113
Number of pages22
ISBN (Electronic)9783319934112
ISBN (Print)9783319934105
DOIs
Publication statusPublished - 2018
Event15th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2018 - Saclay, France
Duration: 28 Jun 201829 Jun 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10885 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference15th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2018
Country/TerritoryFrance
CitySaclay
Period28/06/1829/06/18

Fingerprint

Dive into the research topics of 'GuardION: Practical mitigation of DMA-based rowhammer attacks on ARM'. Together they form a unique fingerprint.

Cite this